:-) On 06/08/2017 12:38 PM, Dominic Raferd wrote: > On 08/06/2017 10:55, Marek Kozlowski wrote: >> :-) >> >> Numerous users of my system use forward to external MTAs. From time to >> time it causes some issues with SPF on those MTAs. SRS could resolve >> those. >> I'm wondering if you could recommend any SRS software which nicely >> integrates with postfix and doesn't interfere with canonicals (postsrsd >> does[*])... >> > > We forward our users' incoming mails through our postfix servers to > external MTAs (almost always Gmail). Yes it breaks SPF but it is not > usually a problem, because it doesn't break DKIM. It would of course be > a problem if the external MTAs chose to enforce rejection based purely > on SPF; a very unwise practice IMO, but there may not be much you can do > about it. > > In our case (with Gmail as the external MTA) it is only a problem if the > source domain has a 'reject' DMARC policy and the original message, > though passing SPF, fails DKIM (probably because it is unsigned). Our > system monitors the log for such a rejection (by Gmail) and if found > will then encapsulate the original message and re-send it to recipient > (with an explanatory text). In my experience such instances are very rare.
I've recently implemented opendkim. As far as I understand your explanation if the message is DKIM-signed I should not worry too much about SRS? Best regards, Marek
